Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.
SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a Web site URL, like it is in phishing schemes. However, it has become more common to receive a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:
Notice: This is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.
In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.
Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent Web site was used within thirty minutes … halfway around the world.
To minimize your risk:
- Approach all text messages asking for your personal information with a great deal of skepticism.
- Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
- If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).